<script>
$(document).ready(function(){

  $(document).ready(function() { 
            // bind 'myForm' and provide a simple callback function 
            $('#commentform').ajaxForm(function() { 
                alert("Thank you for your comment!"); 
								
				$("p.togglediv").fadeOut("slow");
				
				$("#commentform").slideUp("slow");
				
				$("p.commentbody:first").insertBefore("<p>ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ</p>");
				
				
				
            }); 
        }); 

  
});

</script>
<?php
 //if there is an ID given..
 if($userCan['viewpage']) {
 
        if ($_GET['id']) {
		
		
            //set $id to the URL id, cast to an INT
            //for security purposes
            $id = (int)$_GET['id'];
			$id = secure($id);
			
            //query the database
            $query = mysql_query("SELECT * FROM pages WHERE id = '$id' LIMIT 1") or die(mysql_error
                ());

            //if no rows returned...
            if (mysql_num_rows($query) == 0) {
                echo "That tutorial doesnt exist";
            }
            //else, show it!
            else {
                //update the views for this tutorial!
                $update_views = mysql_query("UPDATE pages SET views = views + 1 WHERE id = '$id'") or
                    die(mysql_error());

                //loop through the database
                while ($row = mysql_fetch_array($query)) {
                    echo "
                
                        <h3>$row[title]</h3><br />
						
                  
                      <p class='tutcontent'> $row[content] </p>
                    
                    ";
               
                  
             
                }
                //--------------------------------
                //this is where we loop through the
                //comments table to show all the
                //comments for this tutorial
                //--------------------------------
                $comments = mysql_query("SELECT * FROM page_comments WHERE tut_id = '$id' ORDER BY id DESC") or
                    die(mysql_error());

                //if there are no comments..
                if (!mysql_num_rows($comments) == 0) {
                 
				    while ($row = mysql_fetch_array($comments)) {
                        echo "
                    <p class='commentby'>Comment by: <b>$row[submitter]</b></p>
                    
                    <p class='commentbody'>$row[text]
                    
                    ";
                    }
				 
                }
               
			   echo "<p class='togglediv'>Comment</p>";
                 
                
                //show the form to enter comments
                echo "
          <div class='hide'>
            <form id='commentform' action='$self' method='post'>
                
                    
                   <label>Name</label><input id='commentname' type='text' name='name' maxlength='25'> <br /><br />
               
                    <label>Comment</label> <textarea id='commenttext' name='message' cols='40' rows='10'></textarea>
                
                    <input type='submit' name='add_comment' id='button' value='Add Comment'>
                
            </form>
			</div>
            ";
                //-----------------------------
                //if the comment submit form
                //HAS been submitted, enter info
                //to the database.
                //-----------------------------
                if ($_POST['message']){ 
                    //strip all HTML tags
                    //and get rid of any quotes to prevent
                    //SQL injection
                    $message = secure($_POST['message']);
                    $name = secure($_POST['name']);
                    $time = time();

                    //use an array to store all error messages
                    $error_msg = array();
                    if (empty($message)) {
                        $error_msg[] = "Please enter a message!<br />";
                    }
                    if (empty($name)) {
                        $error_msg[] = "Please enter a name!<br />";
                    }
                    //print the errors
                    if (count($error_msg) > 0) {
                        echo "<strong>ERROR:</strong><br>n";
                        foreach ($error_msg as $err)
                            echo "$err";
                    }
                    //else, everything is ok, enter it in the DB
                    else {
                        $query = mysql_query("INSERT INTO page_comments VALUES (NULL,'$id','$name', '$message', '$time')") or
                            die(mysql_error());
                    }
                
                echo "</table>";
            }
			}
        }
        //if not..
        else {
            echo "No ID specified!";
        }
		} else {
		
		echo 'You don\'t have permission';
		
		}
?>